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(57) Abstract 

The invention provides technology that innprovcs the security of the A-Keys in a wireless communication system (101). The 
technology effectively prevents any human access to the A-Keys and eliminates cloning. The invention improves the security and integrity 
of the wireless communication system (101). A secure processor (104) exchanges random numbers with a wireless communication device 
(100) to generate the A-Key. The secure processor (104) then encrypts the A-Key and transfers the encrypted A-Key to an authentication 
system (103). When the authentication system (103) generates or updates the SSD, the authentication system transfers the encrypted A-Key 
and other information to the secure processor (104), The secure processor (104) decrypts the A-Key and calculates the SSD. The secure 
processor (104) transfers the SSD to the authentication system (103) for use in authenticating system (103) the wireless communication 
device (100). 
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SECURE PROCESSING FOR AUTHENTICATION 
OF A WIRELESS COMMUNICATIONS DEVICE 

5 BACKGROUND OF THE INVENTION 

I. Field of the Invention 

The present invention relates to the field of wireless comniiinications. 
10 More particularly, the present invention relates to a novel and improved 
system that encrypts the information used to authenticate a wireless 
commimications device. 

II. Description of the Related Art 

15 

The security of a wireless communications system is an important factor 
in determining the quality of the system. A major security threat to wireless 
communications systems is the cloning of wireless commimications devices. 
Each wireless commimications device has an authentication key (A-Key). The 

20 wireless communications system uses the A-key along with other information 
to autlienticate the wireless communications device, and the wireless 
communications device may be denied service without proper authentication. 

This oiher information used with the A-key to authenticate the wireless 
communications device is typically broadcast over the air and is relatively easy 

25 to obtain. The A-key is the one piece of information that should remain 
absolutely secret within the wireless communications device and the wireless 
communications system. If the A-Key is obtained, then the legitimate wireless 
communications device can be readily cloned given the available access to the 
other information. The wireless communications system is imable to 

30 differentiate between the legitimate wireless commimications device and the 
clone. 

Unfortunately, the user of the legitimate wireless communications 
device is improperly billed for calls made with the clone. The wireless 
communications system typically forgives the fraudulent bills, but the 
35 reputahon of the wireless communications system is damaged. The wireless 
commimications system must also increase capacity to handle fraudulent calls 
without obtaining any associated revenue. The cost of the increased capacity is 
typically passed on to legitimate wireless communications device users. 
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The wireless communications system has an authentication system to 
authenticate wireless communications devices. The authentication system and 
the wireless communications device each use the A-key and a shared random 
nimiber to generate identical Shared Secret Data (SSD). The authentication 
5 system and the wireless communications device periodically update the SSD. 
To authenticate a wireless communications device, the authentication system 
and the wireless communications device share another random number. The 
authentication system and the wireless conununications device each use the 
SSD and this other random ntmiber to generate an authentication result. The 
10 wireless communications device is authenticated if it transfers a matching 
authentication result to the authentication system. Although technically 
possible, it is not computationally feasible to derive the A-Key from the 
authentication result considering the vast amount of computing power and 
time required. 

15 The authentication system maintains large databases of A-Keys for 

millions of wireless communications devices. The mass storage of A-Keys 
poses a great risk. If a person obtains access to the authentication system, then 
that person can potentially clone large numbers of wireless commimications 
devices and seriously imdermine the security and integrity of the wireless 

20 communications system. The wireless commimications system would be 
greatly improved by a technology that improves the security of A-Keys in a 
wireless communications system. 

SUMMARY OF THE INVENTION 

25 

The present invention is a novel and improved system that provides 
security for the A-Keys in a wireless commimications system. The system 
effectively prevents any human access to the A-Keys and eliminates cloning. 
The system improves the security and integrity of the wireless communications 
30 system. 

The invention allows the authentication system to store only encrypted 
A-Keys. The decryption key for the encrypted A-Keys is stored in a secure 
processor. The authentication system uses the secure processor for A-key 
operations. The secure processor can be physically isolated to prevent human 
35 access to the A-Keys and the A-key decryption key. For example, the secure 
processor can be encased in concrete or placed in a vault. Thus, the decrypted 
authentication keys only exist momentarily in the secure processor, and the 
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authentication system only stores encrypted A-keys. The invention eliminates 
the storage of large numbers of deaypted A-Keys. 

The secure processor exchanges random numbers with the wireless 
communications device to generate the A-Key. The secure processor then 
5 encrypts the A-Key and transfers the encrypted A-Key to the authentication 
system. When the authentication system generates or updates the SSD, the 
authentication system transfers the encrypted A-Key and other information to 
the secure processor. The secure processor decrypts the A-Key and calculates 
the SSD. The secure processor transfers the SSD to the authentication system 
10 for use in authenticating the wireless communications device. 

The A-Key is generated in the secure processor and it is not transferred 
from the secure processor imless it is encrypted. The decrypted A-Key is only 
present in the seciu-e processor momentarily during its actual use and is not 
permanently stored. Thus, the invention eliminates the need for a database of 
non-enciypted A-Keys. The invention also restricts human access to the A-key 
decryption key. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The featiu-es, objects, and advantages of the present invention will 
become more apparent from the detailed description set forth below when 
taken in conjionction with the drawings in which Uke reference characters 
idenhh' correspondingly throughout and wherein: 

FIG. 1 is a block diagram of a wireless communications system in an 
embodiment cf the invention; 

FIG. 2 is a block diagram of an authentication system and a secure 
processor in an embodiment of the invention; 

FIG. 3 is process diagram illustrating A-Key generation in an 
embodiment of the invention; 

FIG. 4 is process diagram illustrating SSD generation or update in an 
embodiment of the invention; 

FIG. 5 is process diagram illustrating wireless commimications device 
authentication in an embodiment of the invention; 

FIG. 6 is process diagram illustrating A-Key generation using Diffie- 
Hellman in an embodiment of the invention; 

FIG. 7 is process diagram illustrating SSD generation or update using 
CAVE in an embodiment of the invention; 
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FIG. 8 is process diagram illustrating wireless communications device 
authentication using CAVE in an embodiment of the invention; 

FIG. 9 is process diagram illustrating wireless communications device 
authentication in an alternative embodiment of the invention; 

FIG. 10 is a block diagram of an authentication system and redundant 
secure processors in an embodiment of the invention; and 

FIG. 11 is a block diagram of an authentication system and a secure 
processor coupled to another secure processor at a wireless commimications 
device mantxfacturing facility in an embodiment of the invention. 

DETAILED DESCRIPTION OF THE PREFERRED 

EMBODIMENTS 

Authentication in a wireless commimications system is discussed in the 
15 IS-95 standard approved by the Telecommimications Industry Association and 
in the 41(d) standard of the American National Standards Institute (ANSI). 
Authentication relies on a secret Authentication Key (A-Key) that is stored in 
both the wireless device and the communications system. The wireless device 
and the communications system use the A-Key and other data to generate 
20 Shared Secret Data (SSD). The wireless device and the commimications system 
use the SSD and other data to generate an authentication result. The 
authentication result generated by wireless device should be the same as the 
authentication result generated by the communications system. The two 
authentication results are compared, and the wireless device is authenticated if 
25 they match. 

The A-Key is not transmitted and typically remains the same. The SSD 
is periodically updated because it may be transmitted over the signaling 
network, such as Signaling System # 7. The SSD is not typically transmitted 
over the air between the wireless communications device and the wireless 
30 communications system. The SSD is used with other information to generate 
the authentication result that is transmitted over the air between the wireless 
commimications device and the wireless communications system. The terms 
and operations described in the above two paragraphs are known in the art. 

35 System Configuration - FIGS. 1-2 / 

FIG. 1 depicts a wireless commimications device 100 that communicates 
with a wireless conamunications system 101. The wireless communications 
system 101 comprises a base station 102, an authentication system 103, and a 
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secure processor 104. Typically, a wireless communications system includes 
multiple base stations and base station conb-oUers that support numerous 
wireless communications devices. HG. 1 has been simplified for clarity and 
omits some conventional elements known to those skilled in the art. 

The wireless communications device 100 exchanges wireless 
communications signals with the base station 102 over the air interface. The 
wireless communications device 100 could be any wireless communications 
device that requires authentication, such as a mobile phone, wireless terminal, 
or computer. The wireless communications device 100 stores authentication 
information and authentication insta^ctions for execution by an internal 
processor. The insfaiactions direct the wireless communications device 100 to 
generate and store an A-Key, SSD, and authentication results. The instiiictions 
also direct the wireless communications device 100 to exchange information 
with the authentication system 103 to facilitate authentication. 

The base station 102 exchanges wireless communications signals with 
the wireless communications device 100 over the air interface. The base station 
102 also exchanges communications signals with other communications 
network elements, such as controUers, switches, and databases. The base 
station 102 is operationally coupled to the authentication system 103, typically 
through a base station controller. In some embodiments, the wireless 
communications device 100 and the base station 102 are Code Division Multiple 
Access (CDMA) devices. The IS-95 standard, approved by the 
Telecommunication Industry Association, provides a specification for CDMA 
in a wireless commvmication system. 

The.authentication system 103 provides an authentication service to the 
wireless communications device 100 and the base station 102. In some 
embodiments, the authentication system 103 forms a sub-system of a Home 
Location Register (HLR). The authentication system 103 is a computer system 
that stores authentication information and operating instructions for execution 
by an internal processor. The operating instructions direct the authentication 
system 103 to store encrypted A-Keys and SSD from the secure processor 104 
and to generate authentication results. The operating ii^tructions also direct 
the authentication system 103 to exchange information with the wireless 
conunuiucations device 100 and the secure processor 104 to authenticate the 
35 wireless communications device 100. 

The secure processor 104 provides an encryption capability to the 
authentication system 103. Physical and elertronic access to the secure 
processor 104 is typically heavily resbicted. For example, the secure processor 
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104 may be placed in a vault or encased in concrete. The secure processor 
104 stores and executes operating instructions. The operating instructions 
direct the secure processor 104 to generate and encrypt A-Keys for storage in 
the authentication system 103. The operating instructions also direct the 
5 secure processor 104 to generate SSD for storage and use in the 
authentication system 103. 

FIG, 2 depicts the authentication system 103 and the secure processor 
104 in greater detail. The authentication system 103 comprises a processor 
210, an interface 211, and an authentication information database 212. The 

10 secure processor 104 comprises a processor 220, an interface 221, and a 
memory 222. The interfaces 211 and 221 are connected by a data link and 
comprise any system that supports data transfer between the authentication 
system 103 and the secure processor 104. The interfaces 211 and 221 could 
support conventional communications, such as serial communications or 

15 Ethernet. The authentication information database 212 stores the SSD and 
encrypted A-Keys. The authentication information database 212 may also 
store operating instructions for the processor 210. The memory 222 is a 
storage medium that stores operating instructions and decryption keys for 
the processor 220. 

20 The processors 210 and 220 could be conventional microprocessors, or 

groups of microprocessors, that execute operating instructions. The 
processor 210 executes instructions that cause the authentication system to 
interact v^ith the wireless communications device 100 and the secure 
processor 104 to authenticate the wireless communications device 100. The 

25 processor 220 executes instructions that cause the secure processor 104 to 
interact with the authentication system 103 to generate an encrypted A-Key 
and to subsequently decrypt the encrypted A-Key and generate the SSD. 

The operating instructions stored in the secure processor 104, the 
authentication system 103, and the wireless communications device 100 

30 could be software stored on conventional storage medium. The storage 
medium could be a conventional memory, disk, or integrated circuit. The 
processors in the secure processor 104, the authentication system 103, and 
the wireless communications device 100 execute the software. When 
executed, the software directs the processors to operate in accord with the 

35 invention. This operation will become readily apparent to those skilled in 
the art in the following discussion of FIGS. 3-8. 
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System Operation - FIGS. 3-8 

Those skiJIed in the art will recognize that processing and messages 
depicted on FIGS. 3-8 have been simplified, and that some conventional aspects 
of authentication have been omitted for clarity. In addition, the base station 
5 and the base station controller that are typically located between the wireless 
device and the authentication system have been omitted for clarity. Those 
skilled in the art will appreciate the operation of these devices within the 
context of FIGS. 3-8. 

FIG. 3 depicts A-Key generation. The A-key is typically generated when 

10 service to the wireless commimications device 100 is initially provisioned, such 
as during an Over-The-Air Service Provisioning (OTASP) operation. The A- 
Key generation process begins when the authentication system 103 generates 
an A-Key order and transmits the A-Key order to the device 100 and the secure 
processor 104. The A-Key order contains parameters for A-Key generation. 

15 The device 100 and the secure processor 104 generate an A-Key. Typically, A- 
Key generation between remote devices requires an exchange of random 
numbers to jointly calculate the A-Key. The device 100 stores the A-Key. The 
secure processor 104 encrypts the A-Key and transfers the encrypted A-Key to 
the authentication system 103. The authentication system 103 stores the 

20 encrypted A-Key. 

FIG. 4 depicts SSD generation or SSD update. The authentication system 
103 generates a random number RANDSSD. The authentication system 103 
sends an SSD update to the device 100 and the secure processor 104. The SSD 
update contains parameters for SSD generation, such as the RANDSSD. The 

25 SSD update to the secure processor 104 includes the encrypted A-Key. The 
secure processor 104 decrypts the A-Key. The secure processor 104 uses the A- 
Key to generate the SSD and sends the SSD to the authentication system 103. 
The authentication system 103 stores the SSD. The device 100 uses the A-Key to 
generate and store the SSD. After the A-Keys are stored, the device 100 and the 

30 authentication system 103 may execute a base station challenge to confirm the 
validity of the SSD generation. 

FIG. 5 depicts one example of authentication in the form of a unique 
challenge, but the invention is not restricted to this particular form of 
authentication. The authentication system 103 sends an authentication 

35 challenge to the device 100. In another form of authentication, the mobile 
switching center may broadcast the authentication challenge to the device 100 
and provide the authentication challenge to the authentication system 103. In 
either case, the authentication challenge contains parameters for generation of 
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an authentication result (AUTH). The device 100 and the authentication system 
103 each use their internally stored SSD and a random nimiber from the 
challenge message to generate AUTH. The device 100 transfers the AUTH to 
the authentication system 103 where the two AUTHs are compared. The 
5 authentication system 103 authenticates the device 100 if the AUTHs match. 

FIGS. 6-8 depict a specific embodiment of the operation depicted in 
FIGS. 3-5, but the invention is not restricted to this specific embodiment. FIG. 6 
depicts A-Key generation using the Diffie-Hellman algorithm and Blowfish 
encryption. Diffie-Hellman is a known algorithm for two remote systems to 

10 agree on a secret key. Blowfish is a known encryption techiuque. Diffie- 
Hellman discussed in Uruted States Patent 4,200,770 entitled "Cryptographic 
Apparatus and Method." Diffie-Hellman and Blowfish are also discussed in 
the book Applied Cryptography by Bruce Schneier, 2nd edition, published by 
John Wiley & Sons of New York, ISBN 0-471-11709-9. 

15 The secure processor 104 generates and stores a Blowfish encryption 

key, typically upon installation. The authentication system 103 generates two 
integers N and G and transfers N and G to the device 100 and the secure 
processor 104. The device 100 generates a large random integer A, and the 
secure processor 104 generates a large random integer B. The device 100 

20 calculates X = mod N, and the secure processor 104 calculates Y = G" mod N. 
The "mod" operation is a knowTi modulo calculation, such as that used with 
conventional time keeping at modulo 12 where 10:00 + 13 hours = 23 mod 12 = 
11:00. The device 100 and the secure processor 104 exchange X and Y. The 
device 100 then calculates A-Key = Y'' mod N, and the secure processor 104 

25 calculates A-Key = X' mod N. The two A-Keys should be the same. The device 
100 stores the A-Key, typically using flash Read Only Memory (ROM). The 
secure processor 104 applies Blowfish to encrypt the A-Key and transfers the 
encrypted A-Key to the authentication system 103. The authentication system 
103 stores the encrypted A-Key. 

30 It should be noted that the A-Key is generated in the secure processor 

104, but is not stored in the secure processor 104. In addition, the 
authentication system 103 only stores the encrypted A-Key. Therefore, the 
communications system does not have a large list of non-encrypted A-Keys. 
The decryption key for the encrypted A-Key is generated and stored only 

35 within the secure processor. 

FIG. 7 depicts SSD generation or update using the Cellular 
Authentication Voice Encryption (CAVE) algorithm. The CAVE algorithm is a 
known one-way hash functioru Two remote systems can each input the same 
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secret ID into the CAVE algorithm and pubHdy share their respective output. 
The outputs are the same if the secret IDs are the same, yet the secret ID is 
impossible to derive from the output from a practical standpoint. The CAVE 
algorithm is discussed in Appendix A of the IS-54 standard approved by the 
5 Telecommunications Industry Association. 

The authentication system 103 sends an SSD update to the device .100 
and the secure processor 104. The SSD update to the device 100 contains the 
random number RANDSSD that was generated by the authentication system 
103. The SSD update to the secure processor 104 includes the RANDSSD, 

10 encrypted A-Key, and other Identification Information (ID INFO). The ID INFO 
typicaUy includes data such as an Electronic Serial Number (ESN) and a Mobile 
Identification Number (MIN) or an International Mobile Station Identity (IMSI). 
Those skilled in the art are familiar with the types of ID INFO and their 
respective use. Although the term "mobile" is used in the MIN and the IMSI, 

15 these values and the invention can be used in the context of fixed wireless 
systems. 

The secure processor 104 applies Blowfish to decrypt the A-Key using its 
internally stored Blowfish key. The secvure processor 104 inputs RANDSSD, A- 
Key and ID INFO into CAVE to generate the SSD. The secure processor 104 
20 sends the SSD to the authentication system 103 where it is stored. The device 
100 also inputs RANDSSD, A-Key, and ID INFO into CAVE to generate and 
store the SSD. 

The device 100 and the authentication system 103 then execute a base - 
station challenge to confirm proper SSD generation. The device 100 generates a 

25 random number (RANDBS) and transfers RANDBS to the authentication 
system 103. Both the . device 100 and the authentication system 103 input 
RANDBS, SSD, and ID INFO into CAVE to generate an SSD authentication 
result (AUTH). The authentication system 103 transfers AUTH to the device 
100 where the two AUTHs are compared. The device 100 confirms the 

30 successful SSD generation with the authentication system 103 if the two AUTHs 
match. 

FIG. 8 depicts one example of authentication using CAVE. The 
authentication system 103 sends an authentication challenge to the device 100. 
The authentication challenge includes a random number (RANDU) for use in 
35 authentication. The device 100 and the authentication system 103 each input 
RANDU, SSD, and ID INFO into CAVE to generate an authentication result 
(AUTH). The device 100 transfers AUTH to the authentication system 103 
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where the two AUTHs axe compared. The authentication system 103 
authenticates the device 100 if the two AUTHs match. 



Alternative System Operation— FIG. 9 
5 FIG. 9 depicts an alternative system operation where the secure 

processor generates the authentication result and other data. The 
authentication system 103 transfers an authentication challenge with a random 
nimiber to the device 100 and the secure processor 104. The authentication 
challenge to the secure processor 104 also includes the SSD. The secure 

10 processor 104 generates an authentication result (AUTH) from the SSD and the 
random number. This could be accomplished using the CAVE algorithm as 
described above. The device 100 also generates AUTH from the SSD and the 
random number. The device 100 transfers its AUTH to the secure processor 
104. The secure processor 104 compares the AUTHs and instructs the 

15 authentication system 103 if the two AUTHs match. The authentication system 

103 authenticates the device 100 based on the match indicated by the secure 
processor 104. Alternatively, the device 100 and the secure processor 104 each 
transfer their respective AUTH to the authentication system 103 for 
comparison. 

20 The secure processor 104 also generates either the Signaling Message 

Encryption (SME) key or the Cellular Message Encryption Algorithm (CMEA) 
key. Either key is used by the wireless communications system to encrypt 
signaling messages. The keys are typically generated by inputting results from - 
the AUTH generation, the SSD, and the random number into CAVE. The 

25 secure processor 104 transmits the key to the authentication system 103. After 
the secure processor 104 generates the SME key or the CMEA key, it generates 
either a Voice Privacy Mask (VPM) or a CDMA Private Long Code Mask 
(PLCM). The masks are used to encode wireless voice conversations. The 
masks are typically generated by executing additional iterations of the CAVE 

30 algorithm used to generate the above keys. The secure processor 104 transfers 
the mask to the authentication system 103. 

In FIG. 9, the secure processor 104 can generate AUTH, SME key, CMEA 
key, VPM, or CDMA PLCM values. This allows the CAVE algorithm to be 
located in the secure processor 104 and not in the authentication system 103. 

35 The removal of the CAVE algorithm from the authentication system 103 
simplifies system design, distribution, and exportation. The secure processor 

104 can also be adapted to perform other tasks involving CAVE. 
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Redundant Secure Processors - FIG. 10 

FIG. 10 depicts authentication system 103 and secure processor 104. An 
additional seciu-e processor 105 has been added and is connected to the 
authentication system 103 and the secure processor 104. The addition of the 
5 secure processor 105 provides better reliability and faster performance to the 
authentication system 103. If the secure processor 104 has not responded to an 
earlier authentication task, and the authentication system 103 must authenticate 
another user, then the authentication system 103 can send the new 
authentication task to the secure processor 105. 

10 The secure processors 104 and 105 must each store the same encryption 

key, such as the same Blowfish key. The secure processors 104 and 105 could 
use either Diffie-Hellman or conventional public /private encryption techniques 
to agree on the same encryption key. If secure processor 104 fails and is 
replaced, the authentication system 103 can command the secure processor 105 

15 to send its encrj'ption key to the new secure processor using conventional 
encryption techniques. 

A-Kev Generation at the Manufacturing Facility - FIG. 11 

FIG. 11 depicts the authentication system 103 and the secure processor 

20 104. An additional secure processor 106 is placed at the facility where the 
device 100 is manufactured. The secure processor 104 and the secure processor 
106 agree on an encryption key in a secure manner. This agreement could be 
accomplished using conventional techniques. 

During manufacture of the device 100, the secure processor 106 

25 exchanges information with the wireless communications device 100 to 
generate an A-Key. The secure processor 106 encrypts the A-Key using the 
encryption key. The secure processor 106 transfers the encrypted A-Key onto a 
storage medium, such as a disk. The encrypted A-Keys are then loaded from 
the disk into the authentication system 103. Alternatively, secure processor 106 

30 may transfer the encrypted A-Keys to authentication system 103 over a data 
link. The authentication system 103 receives the encrypted A-key and transfers 
the encrypted A-key to the secure processor 104. 

The secure processor 104 receives the encryption key from the secure 
processor 106 and receives the encrypted A-Key from the authentication system 

35 103. The secure processor 104 decrypts the encrypted A-Key using the 
encryption key and generates the SSD using the decrypted A-Key. The secure 
processor 104 transfers SSD to the authentication system 103. The 



3NSDOCID; <WO 0011835A1_L> 



wo 00/11835 




PCTAJS99/191$9 



12 

authentication system 103 receives and stores the SSD from the secure 
processor 104. 

The previous description of the preferred embodiments is provided to 
enable any person skilled in the art to make or use the present invention. The 
5 various modifications to these embodiments will be readily apparent to those 
skiUed in the art, and the generic principles defined herein may be applied to 
other embodiments without the use of the inventive faculty. Thus, the present 
invention is not intended to be limited to the embodiments shown herein but is 
to he accorded the widest scope consistent vrtth the principles and novel 
10 features disclosed herein. 
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1. A method for operating a wireless communications system, the 
2 method comprising: 

receiving an encrypted authentication key from an authentication 
4 system into a secure processor; 

decrypting the encrypted authentication key in the secure processor; and 
6 generating shared secret data in the secure processor using the 

decrypted authentication key. 

2. The method of claim 1 further comprising transferring the shared 
2 secret data from the secure processor to the authentication system. 

3. The method of claim 2 further comprising: 

2 generating an authentication result in the authentication system using 

the shared secret data; 
4 receiving another authentication result into the authentication system 

from the wireless commimications device; and 
6 in the authentication system, authenticating the wireless 

communications device if the authentication result generated in the 
8 authentication system matches the other authentication result from the wireless 

communications device. 

4. The method of claim 3 further comprising: 

2 generating the shared secret data in the wrireless communications device 

using the authentication key; 
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4 generating the other authentication result in the wireless 

commtmications device using the shared secret data; and 
6 transferring the other authentication result from the wireless 

communications device to the authentication system. 

5. The method of claim 1 further comprising: 

2 generating the authentication key in the secure processor; 

encrypting the authentication key in the secure processor; and 
4 transferring the encrypted authentication key from the secure processor 

to the authentication system. 

6. The method of claim 5 further comprising: 

2 receiving the encrypted authentication key from the secure processor 

into the authentication system; and 
4 storing the encrypted authentication key in the authentication system. 

7. The method of claim 1 further comprising generating an 
2 authentication result in the secure processor using the shared secret data, 

8- The method of claim 7 further comprising: 
2 receiving another authentication result into the secure processor from 

the wireless communications device; and 
4 in the secure processor, comparing the authentication result generated in 

the authentication system to the other authentication result from the wireless 
6 communications device. 

9. The method of claim 1 further comprising generating a Signaling 
2 Message Encryption key in the secure processor using the shared secret data. 

10. The method of claim 1 further comprising generating a Cellular 
2 Message Encryption Algorithm key in the secure processor using the shared 

secret data. 

11. The method of claim 1 further comprising generating a Voice 
2 Privacy Mask in the secure processor using the shared secret data. 
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12. The method of claim 1 hirther comprising generating a Code 
2 Division Multiple Access Private Long Code Mask in the secure processor 

using the shared secret data. 

13. The method of claim 1 further comprising restricting physical 
2 access to the secure processor. 

14. The method of claim 1 wherein the wireless communications 
2 device is a Code Division Multiple Access device. 

15. The method of claim 1 wherein the authentication system 
2 comprises a home location register. 
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2 16. A method for generating an authentication key for use by a 

wireless communications system in authenticating a wireless communications 

4 device, wherein the wireless communications system includes an 
authentication system and a secure processor, the method comprising: 

6 generating the authentication key in the secure processor; 

encrypting the authentication key in the secure processor; and 

8 transferring the encrypted authentication key from the secure processor 

to the authentication system. 

17. The method of claim 16 further comprising: 

2 receiving the encrypted authentication key from the secure processor 

into the authentication system; and 
4 storing the encrypted authentication key in the authentication system. 

18. The method of claim 16 wherein generating the authentication 
2 key further comprises: 

generating a first number in the secure processor; 
4 generating a second nimiber in the secure processor using the first 

number; 

6 transferring the second nimrtber from the secure processor to the wireless 

communications device; 
8 receiving a third number into the secure processor from the wireless 

communications device; and 
10 generating the authentication key in the secure processor using the first 

number and the third number. 

19. The method of claim 18 wherein generating the authentication 
2 key further comprises: 

generating a fourth number in the wireless communicatioris device; 
4 generating the third munber in the wireless coirunvmications device 

using the fourth number; 
6 transferring the third nimiber from the wireless communications device 

to the secure processor; 
8 receiving the second nxmiber into the wireless communicatiorts device 

from the secure processor; and 
10 generating the authentication key in the wireless communications device 

using the second number and the fourth number. 
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20. A system for authenticating a wireless communications device 
2 that stores an authentication key, the system comprising: 

a secure processor operational to receive an encrypted authentication 
4 key, to decrypt the encrypted authentication key, to generate shared secret data 
using the decrypted authentication key, and to transfer the shared secret data; 
6 and 

an authentication system operationally coupled to the secure processor 
8 and operational to generate an authentication result using the shared secret 
data, to receive another authentication result from the wireless communications 
10 device, and to authenticate the wireless commimications device if the 
authentication result generated in the authentication system matches the other 
12 authentication result from the wireless commimications device. 

21. The system of claim 20 further comprising the wireless 
2 communications device and wherein the wireless communications device is 

operational to generate the shared secret data using the authentication key, to 
4 generate the other authentication result using the shared secret data, and to 
transfer the other authentication result to the authentication system. 

22. The system of claim 21 wherein the wireless communications 
2 device is operational to generate the authentication key. 

23. The system of claim 21 further comprising a base station 
2 operational to transfer information between the wireless commimications 

device and the authentication system. 

24. The system of claim 20 wherein the secure processor is further 
2 operational to generate the authentication key, to encrypt the authentication 

key, and to transfer the encrypted authentication key to the authentication 
4 system. 

25. The system of claim 24 wherein the authentication system is 
2 further operational to receive and store the encrypted authentication key from 

the secure processor. 

4 

26. The system of claim 20 wherein the secure processor is further 
2 operational to generate a Signaling Message Encryption key using the shared 

secret data. 
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27. The system of claim 20 wherein the secure processor is further 
2 operational to generate a Cellular Message Encryption Algorithm key using the 

shared secret data. 

28. The system of claim 20 wherein the secure processor is further 
2 operational to generate a Voice Privacy Mask using the shared secret data. 

29. The system of claim 20 wherein the secure processor is further 
2 operational to generate a Code Division Multiple Access Private Long Code 

Mask using the shared secret data. 

4 

30. The system of claim 20 wherein the wireless communications 
2 device is a Code Division Multiple Access device. 

31. The system of claim 20 wherein the authentication system 
2 comprises a home location register. 

32. A system for authenticating a wireless commimications device 
2 that stores an authentication key, the system comprising: 

a first secure processor operational to receive an encrypted 
4 authentication key, to decrypt the encrypted authentication key, to generate 
shared secret data using the decrypted authentication key, and to transfer the 
6 shared secret data; 

a second secure processor operational to receive the encrypted 
8 authentication key, to decrypt the encrypted authentication key, to generate the 
shared secret data using the decrypted authentication key, and to transfer the 
10 shared secret data; and 

an authentication system operationally coupled to the first secure 
12 processor and the second secure processor and operational to generate an 
authentication result using the shared secret data, to receive another 
14 authentication result from the wireless commimications device, and to 
authenticate the wireless communicatioris device if the authentication result 
16 generated in the authentication system matches the other authentication result 
from the wireless commimications device. 

18 
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33. The system of claim 32 wherein the first secure processor and the 
second secure processor are operationally coupled and operational to generate 
an encryption key for decrypting the encrypted authentication key. 

34. The system of claim 32 wherein the first secure processor and the 
second secure processor are operational to send the encryption key to a third 
secure processor. 

35. A system for generating an authentication key and shared secret 
data for a wireless communications system, the system comprising: 

a first secure processor operational to receive an encrypted 
authentication key, to decrypt the encrypted authenticaHon key using an 
encryption key, to generate shared secret data using the decrypted 
authentication key, and to transfer the shared secret data; 

an authentication system operationally coupled to the first secure 
processor and operational to receive the encrypted authentication key, to 
transfer the encrypted authentication key to the first secure processor, and to 
receive and store the shared secret data from the first secure processor; and 

a second secure processor operational to exchange information with a 
12 wireless communications device to generate the authentication key, and to 
encrj^rt the authentication key using the encryption key. 

36. The system of claim 35 wherein the second secure processor is 
2 operational to transfer the encrypted authentication key to the authentication 

system. 

37. The system of claim 35 wherein the second secure processor is 
2 operational to transfer the encrypted authentication key to a storage medium. 

38. The system of claim 35 further comprising the wireless 
2 communications device and wherein the wireless commurucations device is 

operational to store the authentication key. 

4 

39. The system of claim 35 wherein the second seciue processor is 
2 located at a facility where the wireless commimications device is manufacttu-ed. 



10 
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40. A product storing software for execution by a processor in a 
2 wireless communicatioris system, the product comprising: 

interface software operational when executed by the processor to direct 
4 the processor to receive an encrypted authentication key and to transfer the 
shared secret data; 

6 encryption software operational when executed by the processor to 

direct the processor to decrypt the encrypted authentication key; 
8 data generation software operatioiial when executed by the processor to 

direct the processor to generate the shared secret data using the decrypted 
10 authentication key; and 

a software storage medium op>erational to store the interface software, 
12 the encryption software, and the data generation software, 

41. The product of claim 40 wherein: 

2 the data generation software is further operational when executed by the 

processor to direct the processor to generate the authentication key; 

4 the encryption software is further operational when executed by the 

processor to direct the processor to encrypt the authentication key; and 

6 the interface software is further operational when executed by the 

processor to direct the processor to transfer the encrypted authentication key 

8 from the processor. 

42. The product of claim 40 wherein the encryption software is 
2 further operational when executed by the processor to direct the processor to 

generate an encryption key. 

43. The product of claim 40 wherein: 

2 the interface software is further operational when executed by the 

processor to direct the processor to receive the shared secret data; and 

4 the data generation software is further operational when executed by the 

processor to direct the processor to generate an authentication result using the 

6 shared secret data. 
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SECURE PROCESSING FOR AUTHENTICATION 
OF A WIRELESS COMMUNICATIONS DEVICE 



5 BACKGROUND OF THE INVENTION 

L Field of the Invention 

The present invention relates to the field of wireless communications. 
10 More particularly, the present invention relates to a novel and improved 
system that encrypts the information used to authenticate a v^ireless 
communications device. 

II. Description of the Related Art 

15 

The security of a wireless communications system is an important factor 
in determining the quality of the system. A major security threat to wireless 
communications systems is the cloning of wireless commimications devices. 
Each wireless communications device has an authentication key (A-Key), The 

20 wireless communications system uses the A-key along with other information 
to aiithenticate the wireless communications device, and the wireless 
communications device may be denied service without proper authentication. 

This orher information used with the A-key to authenticate the wireless 
comm.unications device is typically broadcast over the air and is relatively easy 

25 to obtain. The A-key is the one piece of information that should remain 
absolutely secret within the wireless communications device and the wireless 
communications system. If the A-Key is obtained, then the legitimate wireless 
communications device can be readily cloned given the available access to the 
other information. The wireless commimications system is unable to 

30 differentiate between the legitimate wireless communications device and the 
clone. 

Unfortunately, the user of the legitimate wireless communications 
device is improperly billed for calls made with the clone. The wireless 
communications system typically forgives the fraudulent bills, but the 
35 reputation of the wireless communications system is damaged. The wireless 
communications system must also increase capacity to handle fraudulent calls 
without obtaining any associated revenue. The cost of the increased capacity is 
typically passed on to legitimate wireless coirmumications device users. 
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The wireless communications system has an authentication system to 
authenticate wireless communications devices. The authentication system and 
the wireless communications device each use the A-key and a shared random 
number to generate identical Shared Secret Data (SSD). The authentication 
5 system and the wireless commimications device periodically update the SSD. 
To authenticate a wireless communications device, the authentication system 
and the wireless communications device share another random number. The 
authentication system and the wireless communications device each use the 
SSD and this other random number to generate an authentication result. The 
10 wireless commimications device is authenticated if it transfers a matching 
authentication result to the authentication system. Although technically 
possible, it is not computationally feasible to derive the A-Key from the 
authentication result considering the vast amount of computing power and 
time required. 

^5 The authentication system maintains large databases of A-Keys for 

millions of wireless communications devices. The mass storage of A-Keys 
poses a great risk. If a person obtains access to the authentication system, then 
that person can potentially clone large numbers of wireless communications 
devices and seriously tmdermine the security and integrity of the wireless 

20 communications system. The wireless commimications system would be 
greatly improved by a technology that improves the security of A-Keys in a 
wireless communications system. 

SUMMARY OF THE INVENTION 

25 

The present invention is a novel and improved system that provides 
security for the A-Keys in a wireless commimications system. The system 
effectively prevents any human access to the A-Keys and eliminates cloning. 
The system improves the security and integrity of the wireless communications 
30 system. 

The invention allows the authentication system to store only encrypted 
A-Keys. The decryption key for the encrypted A-Keys is stored in a secure 
processor. The authentication system uses the secure processor for A-key 
operations. The secure processor can be physically isolated to prevent human 
35 access to the A-Keys and the A-key decryption key- For example, the secure 
processor can be encased in concrete or placed in a vault. Thus, the decrypted 
authentication keys only exist momentarily in the secure processor, and the 
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authentication system only stores encrypted A-keys. The invention eliminates 
the storage of large numbers of deoypted A-Keys. 

The secure processor exchanges random ntmibers with the wireless 
communications device to generate the A-Key. The secure processor then 
5 encrypts the A-Key and transfers the encrypted A-Key to the authentication 
system. When the authentication system generates or updates the SSD, the 
authentication system transfers the encrypted A-Key and other information to 
the secure processor. The secure processor decrypts the A-Key and calctdates 
the SSD. The secure processor transfers the SSD to the authentication system 

10 for use in authenticating the wireless communications device. 

The A-Key is generated in the secure processor and it is not transferred 
from the secure processor imless it is encrypted. The decrypted A-Key is only 
present in the secure processor momentarily during its actual use and is not 
permanently stored. Thus, the invention eliminates the need for a database of 

15 non-encrypted A-Keys. The invention also restricts human access to the A-key 
decryption key. 

BRIEF DESCRIPTION OF THE DRAWINGS 

20 The features, objects, and advantages of the present invention will 

become more apparent from the detailed description set forth below when 
taken in conjunction with the drawings in which like reference characters 
identir>' correspondingly throughout and wherein: 

FIG. 1 is a block diagram of a wireless communications system in an 
25 embodiment of the invention; 

FIG. 2 is a block diagram of an authentication system and a secure 
processor in an embodiment of the invention; 

FIG. 3 is process diagram illustrating A-Key generation in an 
embodiment of the invention; 
30 FIG. 4 is process diagram illustrating SSD generation or update in an 

embodiment of the invention; 

FIG. 5 is process diagram illustrating wireless communications device 
authentication in an embodiment of the invention; 

FIG. 6 is process diagram illustrating A-Key generation using Diffie- 
35 Hellman in an embodiment of the invention; 

FIG. 7 is process diagram illustrating SSD generation or update using 
CAVE in an embodiment of the invention; 
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FIG. 8 is process diagram illustrating wireless communications device 
authentication using CAVE in an embodiment of the invention; 

FIG. 9 is process diagram illustrating wireless commimications device 
authentication in an alternative embodiment of the invention; 

FIG. 10 is a block diagram of an authentication system and redundant 
secure processors in an embodiment of the invention; and 

FIG. 11 is a block diagram of an authentication system and a secure 
processor coupled to another secure processor at a wireless communications 
device manufacturing facility in an embodiment of the invention. 

DETAILED DESCRIFnON OF THE PREFERRED 

EMBODIMENTS 

Authentication in a wireless commimications system is discussed in the 
15 IS-95 standard approved by the Telecommunications Industry Association and 
in the 41(d) standard of the American National Standards Institute (ANSI). 
Authentication relies on a secret Authentication Key (A-Key) that is stored in 
both the wireless device and the communications system. The wireless device 
and the communications system use the A-Key and other data to generate 
20 Shared Secret Data (SSD). The wireless device and the communications system 
use the SSD and other data to generate an authentication result. The 
authentication result generated by wireless device should be the same as the 
authentication result generated by the cormntmications system. The two 
authentication results are compared, and the wireless device is authenticated if 
25 they match. 

The A-Key is not transmitted and typically remains the same. The SSD 
is periodically updated because it may be transmitted over the signaling 
network, such as Signaling System # 7. The SSD is not typically transmitted 
over the air between the wireless communications device and the wireless 
30 commimications system. The SSD is used with other information to generate 
the authentication result that is transmitted over the air between the wireless 
commimications device and the wireless commimications system. The terms 
and operations described in the above two paragraphs are known in the art. 

35 Svstem Configuration - FIGS. 1-2 

FIG. 1 depicts a wireless commimications device 100 that communicates 
with a wireless communications system 101. The wireless communications 
system 101 comprises a base station 102, an authentication system 103, and a 



BNSCXX^ID: <WO 0011635A1JA> 



, WOpO/n835 ^ PCT/US99/19199 



10 



15 



5 

secure processor 104. TypicaUy, a wireless communications system includes 
multiple base stations and base station confa-oUers that support numerous 
wireless communications devices. HG. 1 has been simplified for clarity and 
omits some conventional elements known to those skiUed in the art. 

The wireless communications device 100 exchanges wireless 
communications signals with the base station 102 over the air interface. The 
wireless communications device 100 could be any wireless communications 
device that requires authentication, such as a mobile phone, wireless terminal, 
or computer. The wireless communications device 100 stores authentication 
information and authentication instanictions for execution by an internal 
processor. The instructions direct the wireless communications device 100 to 
generate and store an A-Key, SSD, and authentication results. The insti^ctions 
also direct the wireless communications device 100 to exchange information 
with the authentication system 103 to facilitate authentication. 

The base station 102 exchanges wireless commimications signals with 
the wireless communications device 100 over the air interface. The base station 
102 also exchanges commimications signals with other commimications 
network elements, such as controUers, switches, and databases. The base 
station 102 is operationally coupled to the authentication system 103, typically 
through a base station controUer. In some embodiments, the wireless 
communications device 100 and the base station 102 are Code Division Multiple 
Access (CDMA) devices. The IS-95 standard, approved by the 
Telecommunication Industry Association, provides a specification for CDMA 
in a wireless communication system. 
25 The authentication system 103 provides an authentication service to the 

wireless communications device 100 and the base station 102. In some 
embodiments, the authentication system 103 forms a sub-system of a Home 
Location Register (HLR). The autiientication system 103 is a computer system 
that stores authentication information and operating instructions for execution 
30 by an internal processor. The operating inshojctions direct the authentication 
system 103 to store encrypted A-Keys and SSD from the secure processor 104 
and to generate authentication results. The operating insti^ctions also direct 
the authentication system 103 to exchange information with the wireless 
communications device 100 and the secure processor 104 to authenticate the 
35 wireless communications device 100. 

The secure processor 104 provides an encryption capability to the 
authentication system 103. Physical and electi-onic access to the secure 
processor 104 is typicaUy heavily restricted. For example, the secure processor 
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104 may be placed in a vault or encased in concrete. The secure processor 
104 stores and executes operating instructions. The operating instructions 
direct the secure processor 104 to generate and encrypt A-Keys for storage in 
the authentication system 103. The operating instructions also direct the 
5 secure processor 104 to generate SSD for storage and use in the 
authentication system 103. 

FIG. 2 depicts the authentication system 103 and the secure processor 
104 in greater detail. The authentication system 103 comprises a processor 
210, an interface 211, and an authentication information database 212. The 

10 secure processor 104 comprises a processor 220, an interface 221, and a 
memory 222. The interfaces 211 and 221 are connected by a data link and 
comprise any system that supports data transfer between the authentication 
system 103 and the secure processor 104. The interfaces 211 and 221 could 
support conventional communications, such as serial communications or 

15 Ethernet. The authentication information database 212 stores the SSD and 
encrypted A-Keys. The authentication information database 212 may also 
store operating instructions for the processor 210. The memory 222 is a 
storage medium that stores operating instructions and decryption keys for 
the processor 220. 

20 The processors 210 and 220 could be conventional microprocessors, or 

groups of microprocessors, that execute operating instructions. The 
processor 210 executes instructions that cause the authentication system to 
interact with the wireless communications device 100 and the secure 
processor 104 to authenticate the wireless communications device 100. The 

25 processor 220 executes instructions that cause the secure processor 104 to 
interact with the authentication system 103 to generate an encrypted A-Key 
and to subsequently decrypt the encrypted A-Key and generate the SSD. 

The operating instructions stored in the secure processor 104, the 
authentication system 103, and the wireless communications device 100 

30 could be software stored on conventional storage medium. The storage 
medium could be a conventional memory, disk, or integrated circuit. The 
processors in the secure processor 104, the authentication system 103, and 
the wireless communications device 100 execute the software. When 
executed, the software directs the processors to operate in accord with the 

35 invention. This operation will become readily apparent to those skilled in 
the art in the following discussion of FIGS. 3-8. 
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System Op pra Hon - FIGS. 

Those skilled in the art wUl recognize that processing and messages 
depicted on HGS. 3-8 have been simplified, and that some conventional aspects 
of authentication have been omitted for clarity. In addition, the base station 
and the base station conbroUer that are typically located between the wireless 
device and the authentication system have been omitted for clarity. Those 
skilled in the art will appreciate the operation of these devices within the 
context of FIGS. 3-8. 

FIG. 3 depicts A-Key generation. The A-key is typically generated when 
service to the wireless communications device 100 is initially provisioned, such 
as during an Over-The-Air Service Provisioning (OTASP) operation. The A- 
Key generation process begins when the authentication system 103 generates 
an A-Key order and transmits the A-Key order to the device 100 and the secure 
processor 104. The A-Key order contains parameters for A-Key generation. 
The device 100 and the secure processor 104 generate an A-Key. Typically, A- 
Key generation between remote devices requires an exchange of random 
numbers to jointly calculate the A-Key. The device 100 stores the A-Key. The 
secure processor 104 encrypts the A-Key and transfers the encrypted A-Key to 
the authentication system 103. The authentication system 103 stores the 
encrypted A-Key. 

FIG. 4 depicts SSD generation or SSD update. The authentication system 
103 generates a random number RANDSSD. The authentication system 103 
sends an SSD update to the device 100 and the secure processor 104. The SSD 
update contains parameters for SSD generation, such as the RANDSSD. The 
SSD update to the secure processor 104 includes the encrypted A-Key. The 
secure processor 104 decrypts the A-Key. The secure processor 104 uses the A- 
Key to generate the SSD and sends the SSD to the authentication system 103. 
The authentication system 103 stores the SSD. The device 100 uses the A-Key to 
generate and store the SSD. After the A-Keys are stored, the device 100 and the 
authentication system 103 may execute a base station chaUenge to confirm the 
validit>' of the SSD generation. 

FIG. 5 depicts one example of authentication in the form of a uiuque 
challenge, but the invention is not resti-icted to this particular form of 
authentication. The autiientication system 103 sends an authentication 
35 challenge to the device 100. ]n another form of authentication, the mobile 
switching center may broadcast the authentication challenge to the device 100 
and provide the authentication chaUenge to the authentication system 103. In 
either case, the authentication challenge contains parameters for generation of 
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an authentication result (AUTH). The device 100 and the authentication system 
103 each use their internally stored SSD and a random number from the 
challenge message to generate AUTH. The device 100 transfers the AUTH to 
the authentication system 103 where the two AUTHs are compared. The 
5 authentication system 103 authenticates the device 100 if the AUTHs match. 

FIGS. 6-8 depict a specific embodiment of the operation depicted in 
FIGS. 3-5, but the invention is not restricted to this specific embodiment. FIG. 6 
depicts A-Key generation using the Diffie-Hellman algorithm and Blowfish 
enayption. Diffie-Hellman is a known algorithm for two remote systems to 

10 agree on a secret key. Blowfish is a knovm encryption technique. CKffie- 
Hellman discussed in United States Patent 4,200,770 entitled "Cryptographic 
Apparatus and Method/' Diffie-Hellman and Blowfish are also discussed in 
the book Applied Cryptography by Bruce Schneier, 2nd edition, published by 
John Wiley & Sons of New York, ISBN 0-471-11709-9. 

15 The secure processor 104 generates and stores a Blowfish encryption 

key, typically upon installation. The authentication system 103 generates two 
integers N and G and transfers N and G to the device 100 and the secure 
processor 104. The device 100 generates a large random integer A, and the 
secure processor 104 generates a large random integer B. The device 100 

20 calculates X~G^ mod N, and the secure processor 104 calculates Y = G^ mod N. 
The "mod" operation is a knowTi modulo calculation, such as that used with 
conventional time keeping at modulo 12 where 10:00 + 13 hours = 23 mod 12 = 
11:00. The device 100 and the secure processor 104 exchange X and Y. The 
device 100 then calculates A-Key = mod N, and the secure processor 104 

25 calculates A-Key = mod N. The two A-Keys should be the same. The device 
100 stores the A-Key, typically using flash Read Only Memory (ROM). The 
secure processor 104 applies Blowfish to encrypt the A-Key and transfers the 
encrypted A-Key to the authentication system 103. The authentication system 
103 stores the encrypted A-Key. 

30 It should be noted that the A-Key is generated in the secure processor 

104, but is not stored in the secure processor 104. In addition, the 
authentication system 103 only stores the encrypted A-Key. Therefore, the 
commxmications system does not have a large list of non-encrypted A-Keys. 
The decryption key for the encrypted A-Key is generated and stored only 

35 within the secure processor. 

FIG. 7 depicts SSD generation or update using the Cellular 
Authentication Voice Encryption (CAVE) algorithm. The CAVE algorithm is a 
known one-way hash function. Two remote systems can each input the same 
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secret ID into the CAVE algorithm and publicly share their respective output. 
The outputs are the same if the secret IDs are the same, yet the secret ID is 
impossible to derive from the output from a practical standpoint. The CAVE 
algorithm is discussed in Appendix A of the IS-54 standard approved by the 
5 Telecommunications Industry Association. 

The authentication system 103 sends an SSD update to the device 100 
and the secure processor 104. The SSD update to the device 100 contains the 
random number RANDSSD that was generated by the authentication system 
103. The SSD update to the secure processor 104 includes the RANDSSD, 

10 encrypted A-Key, and other Identification Liformation (ID INFO). The ID INFO 
typically includes data such as an Electronic Serial Number (ESN) and a Mobile 
Identification Number (MIN) or an International Mobile StaHon Identity (IMSI). 
Those skilled in the art are familiar with the tjrpes of ID INFO and their 
respective use. Although the term "mobile" is used in the MIN and the IMSI, 

15 these x-alues and the invention can be used in the context of fixed wireless 
systems. 

The secure processor 104 applies Blowfish to decrypt the A-Key using its 
internally stored Blowfish key. The secure processor 104 inputs RANDSSD, A- 
Key and ID INFO into CAVE to generate the SSD. The secure processor 104 
20 sends the SSD to the authentication system 103 where it is stored. The device 
100 also inputs RANDSSD, A-Key, and ID INFO into CAVE to generate and 
store the SSD. 

The device 100 and the authentication system 103 then execute a base 
station challenge to confirm proper SSD generation. The device 100 generates a 

25 random number (RANDBS) and transfers RANDBS to the authentication 
system 103. Both the device 100 and the authentication system 103 input 
RANDBS, SSD, and ID INFO into CAVE to generate an SSD authentication 
result (AUTH). The authentication system 103 transfers AUTH to the device 
100 where the two AUTHs are compared. The device 100 confirms the 

30 successful SSD generation with the authentication system 103 if the two AUTHs 
match. 

FIG. 8 depicts one example of authentication using CAVE. The 
authentication system 103 sends an authentication challenge to the device 100. 
The authentication challenge includes a random number (RANDU) for use in 
35 authentication. The device 100 and the authentication system 103 each input 
RANDU, SSD, and ID INFO into CAVE to generate an authentication result 
(AUTH). The device 100 transfers AUTH to the authentication system 103 
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where the two AUTHs are compared. The authentication system 103 
authenticates the device 100 if the two AUTHs match. 

Alternative System Operation - FIG. 9 
5 FIG. 9 depicts an alternative system operation where the secure 

processor generates the authentication result and other data. The 
authentication system 103 transfers an authentication challenge with a random 
number to the device 100 and the secure processor 104. The authentication 
challenge to the secure processor 104 also includes the SSD. The secure 

10 processor 104 generates an authentication result (AUTH) from the SSD and the 
random number. This could be accomplished using the CAVE algorithm as 
described above. The device 100 also generates AUTH from the SSD and the 
random number. The device 100 transfers its AUTH to the secure processor 
104. The secure processor 104 compares the AUTHs and instructs the 

15 authentication system 103 if the two AUTHs match. The authentication system 

103 authenticates the device 100 based on the match indicated by the secure 
processor 104. Alternatively, the device 100 and the secure processor 104 each 
transfer their respective AUTH to the authentication system 103 for 
comparison. 

20 The secure processor 104 also generates either the Signaling Message 

Encryption (SME) key or the Cellular Message Encryption Algorithm (CMEA) 
key. Either key is used by the wireless commimications system to encrypt 
signaling messages. The keys are typically generated by inputting results from 
the AUTH generation, the SSD, and the random number into CAVE. The 

25 secure processor 104 transmits the key to the authentication system 103. After 
the secure processor 104 generates the SME key or the CMEA key, it generates 
either a Voice Privacy Mask (VPM) or a CDMA Private Long Code Mask 
(PLCM). The masks are used to encode wireless voice conversations. The 
masks are typically generated by executing additional iterations of the CAVE 

30 algorithm used to generate the above keys. The secure processor 104 transfers 
the mask to the authentication system 103. 

In FIG. 9, the secure processor 104 can generate AUTH, SME key, CMEA 
key, VPM, or CDMA PLCM values. This allows the CAVE algorithm to be 
located in the secure processor 104 and not in the authentication system 103. 

35 The removal of the CAVE algorithm from the authentication system 103 
simplifies system design, distribution, and exportation. The secure processor 

104 can also be adapted to perform other tasks involving CAVE. 
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Redundant Sf>cure Processors - FIG. 10 

FIG. 10 depicts authentication system 103 and secure processor 104. An 
additional secure processor 105 has been added and is connected to the 
authenHcation system 103 and the secure processor 104. The addition of the 
5 secure processor 105 provides better reliability and faster performance to the 
authenHcation system 103. If the secure processor 104 has not responded to an 
earlier authentication task, and the authentication system 103 must authenticate 
another user, then the authentication system 103 can send the new 
authentication task to the secure processor 105. 

10 The secure processors 104 and 105 must each store the same encryption 

key, such as the same Blowfish key. The secure processors 104 and 105 could 
use either Diffie-Hellman or conventional public /private encryption techniques 
to agree on the same encryption key. If secure processor 104 fails and is 
replaced, the authentication system 103 can command the secure processor 105 

15 to send its encrjT^tion key to the new secure processor using conventional 
encryption techniques. 

A-Kev Generation at the Manufacturing Facility - FIG. 1 1 

FIG. 11 depicts the authentication system 103 and the secure processor 
20 104. An additional secure processor 106 is placed at the facility where the 
device 100 is manufactured. The secure processor 104 and the secure processor 
106 agree on an encryption key in a secure manner. This agreement could be 
accomplished using conventional techniques. 

During manufacture of the device 100, the secure processor 106 
25 exchanges information with the wireless commvmications device 100 to 
generate an A-Key. The secure processor 106 encrypts the A-Key using the 
encryption key. The secure processor 106 transfers the encrypted A-Key onto a 
storage medium, such as a disk. The encrypted A-Keys are then loaded from 
the disk into the authentication system 103. Alternatively, secure processor 106 
may transfer the encrypted A-Keys to authentication system 103 over a data 
link. The authentication system 103 receives the encrypted A-key and transfers 
the encrypted A-key to the secure processor 104. 

The secure processor 104 receives the encryption key from the secure 
processor 106 and receives the encrypted A-Key from tiie authentication system 
35 103. The sectu-e processor 104 decrypts the encrypted A-Key using the 
encryption key and generates the SSD using the decrypted A-Key. The secure 
processor 104 transfers SSD to the authentication system 103. The 
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authentication system 103 receives and stores the SSD from the secure 
processor 104. 

Hie previous description of the preferred embodiments is provided to 
enable any person skilled in the art to make or use the present invention. The 
5 various modifications to these embodiments will be readily apparent to those 
skilled in the art, and the generic principles defined herein may be applied to 
other embodiments without the use of the inventive faculty. Thus, the present 
invention is not intended to be limited to the embodiments shown herein but is 
to be accorded the widest scope consistent vnih the principles and novel 
10 features disclosed herein. 
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1. A method for operating a wireless communications system, the 
method comprising: 

receiving an encrypted authentication key from an authentication 
system into a secure processor; 

decrypting the encrypted authentication key in the secure processor; and 
generating shared secret data in the secure processor using the 
decrypted authentication key. 

2. The method of claim 1 hirther comprising transferring the shared 
2 secret data from the secure processor to the authentication system. 

3. The method of claim 2 further comprising: 

2 generating an authentication result in the authentication system using 

the shared secret data; 
4 receiving another authentication result into the authentication system 

from the wireless commxmications device; and 
6 in the authentication system, authenticating the v^ireless 

communications device if the authentication result generated in the 
8 authentication system matches the other authentication result from the wireless 

communications device. 

4. The method of claim 3 further comprising: 

2 generating the shared secret data in the wireless communications device 

using the authentication key; 
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4 generating the other authentication result in the wireless 

communications device using the shared secret data; and 
6 transferring the other authentication result from the wireless 

commimications device to the authentication system. 

5. The method of claim 1 further comprising: 

2 generating the authentication key in the secure processor; 

encrypting the authentication key in the secure processor; and 
4 transferring the encrypted authentication key from the secure processor 

to the authentication system. 

6. The method of claim 5 further comprising: 

2 receiving the encrypted authentication key from the secure processor 

into the authentication system; and 
4 storing the encrypted authentication key in the authentication system. 

7. The method of claim 1 further comprising generating an 
2 authentication result in the secure processor using the shared secret data. 

8. The method of claim 7 further comprising: 

2 receiving another authentication result into the secure processor from 

the wireless communications device; and 
4 in the secure processor, comparing the authentication result generated in 

the authentication system to the other authentication result from the wireless 
6 communications device. 

9. The method of claim 1 further comprising generating a Signaling 
2 Message Encryption key in the secure processor using the shared secret data. 

10. The method of claim 1 further comprising generating a Cellular 
2 Message Encryption Algorithm key in the secure processor using the shared 

secret data. 

11. The method of claim 1 further comprising generating a Voice 
2 Privacy Mask in the sectire processor using the shared secret data. 
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12. The method of claim 1 further comprising generating a Code 
2 Division Multiple Access Private Long Code Mask in the secure processor 

using the shared secret data. 

13. The method of claim 1 further comprising restricting physical 
2 access to tfie secvu-e processor. 

14. The method of claim 1 wherein the wireless communications 
2 device is a Code Division Multiple Access device. 

15. The method of claim 1 wherein the authentication system 
2 comprises a home location register. 
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2 16. A method for generating an authentication key for use by a 

wireless conrununications system in authenticating a wireless commimications 

4 device, wherein the wireless communications system includes an 
authentication system and a secure processor, the method comprising: 

6 generating the authentication key in the secure processor; 

encrypting the authentication key in the secure processor; and 

8 transferring the encrypted authentication key from the secure processor 

to the authentication system. 

17. The method of claim 16 further comprising: 

2 receiving the encrypted authentication key from the secure processor 

into the authentication system; and 
4 storing the encrypted authentication key in the authentication system. 

18. The method of claim 16 wherein generating the authentication 
2 key further comprises: 

generating a first number in the secure processor; 
4 generating a second nimiber in the secure processor using the first 

number; 

6 transferring the second number from the secure processor to the wireless 

communications device; 
8 receiving a third number into the secure processor from the wireless 

communications device; and 

generating the authentication key in the secure processor using the first 
number and the third number. 



10 



19. The method of claim 18 wherein generating the authentication 
2 key further comprises: 

generating a fourth number in the wireless communications device; 
4 generating the third number in the wireless commimications device 

using the fourth nimnber; 
6 transferring the third number from the wireless commimications device 

to the secure processor; 
8 receiving the second number into the wireless communications device 

from the secure processor; and 
10 generating the authentication key in the wireless commimications device 

using the second number and the fourth number. 
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20. A system for authenticating a wireless communications device 
that stores an authentication key, the system comprising: 

a secure processor operational to receive an encrypted authentication 
key, to decrypt the encrypted authentication key, to generate shared secret data 
using the decrypted authentication key,''and to transfer the shared secret data; 
and 

an authentication system operationally coupled to the secure processor 
and operational to generate an authentication result using the shared secret 
data, to receive another authentication result from the wireless communications 
device, and to authenticate the wireless communications device if the 
authentication result generated in the authentication system matches the other 
12 authentication result from the wireless communications device. 

21. The system of claim 20 further comprising the wireless 
2 communications device and wherein the wireless communications device is 

operational to generate the shared secret data using the authentication key, to 
4 generate the other authentication result using the shared secret data, and to 
transfer the other authentication result to the authentication system. 



10 



The system of claim 21 wherein the wireless commimications 
2 device is operational to generate the authentication key. 

23. The system of claim 21 further comprising a base station 
2 operational to hransfer information between the wireless communications 

device and the authentication system. 

24. The system of claim 20 wherein the secure processor is further 

2 operational to generate the autiientication key, to encrypt the authentication 

key, and to transfer the encrypted authentication key to the authentication 
4 system. 

25. The system of claim 24 wherein the authentication system is 
2 further operational to receive and store the encrypted authentication key from 

the secure processor. 

4 

26. The system of claim 20 wherein the secure processor is further 
2 operational to generate a Signaling Message Encryption key using the shared 

secret data. 
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27. The system of claim 20 wherein the secure processor is further 
2 operational to generate a Cellular Message Encryption Algorithm key using the 

shared secret data. 

28. The system of claim 20 wherein the secure processor is further 
2 operational to generate a Voice Privacy Mask using the shared secret data. 

29. The system of claim 20 wherein the secure processor is further 
2 operational to generate a Code Division Multiple Access Private Long Code 

Mask using the shared secret data. 

4 

30. The system of claim 20 wherein the wireless commimications 
2 device is a Code Division Multiple Access device. 

31. The system of claim 20 wherein the authentication system 
2 comprises a home location register. 

32. A system for authenticating a wireless communications device 
2 that stores an authentication key, the system comprising: 

a first secure processor operational to receive an encrypted 
4 authentication key, to decrypt the encrypted authentication key, to generate 
shared secret data using the decrypted authentication key, and to transfer the 
6 shared secret data; 

a second secure processor operational to receive the encrypted 
8 authentication key, to decrypt the encrypted authentication key, to generate the 
shared secret data using the decrypted authentication key, and to transfer the 
10 shared secret data; and 

an authentication system operationally coupled to the first secure 
12 processor and the second secure processor and operational to generate an 
authentication result using the shared secret data, to receive another 
14 authentication result from the wireless communications device, and to 
authenticate the wireless communications device if the authentication result 
16 generated in the authentication system matches the other authentication result 
from the wireless communications device. 

18 
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33. The system of claim 32 wherein the first secure processor and the 
2 second secure processor are operationally coupled and operational to generate 

an encryption key for decrypting the encrypted authentication key. 

34. The system of claim 32 wherein the first secure processor and the 
second secure processor are operational to send the encryption key to a third 
secure processor. 



2 



35. A system for generating an authentication key and shared secret 
2 data for a wireless communications system, the system comprising: 

a first secure processor operational to receive an encrypted 
4 authentication key, to decrypt the encrypted authentication key using an 
encryption key, to generate shared secret data using the decrypted 
6 authentication key, and to transfer the shared secret data; 

an authentication system operationally coupled to the first secure 
8 processor and operational to receive the encrypted authentication key, to 
transfer the encrypted authentication key to the first secure processor, and to 
10 receive and store the shared secret data fi-om the first secure processor; and 

a second secure processor operational to exchange information with a 
12 wireless communications device to generate the authentication key, and to 
encr\-pt the authentication key using the encryption key. 



2 



2 



4 



36. The system of claim 35 wherein the second secure processor is 
operational to transfer the encrypted authentication key to the authentication 
system. 

37. The system of claim 35 wherein the second seciu-e processor is 
operational to h-ansfer the encrypted authentication key to a storage medium. 



38. The system of claim 35 further comprising the wireless 
2 conununications device and wherein the wireless communications device is 
operational to store the authentication key. 



39. The system of claim 35 wherein the second seciu-e processor is 
2 located at a facility where the wireless communications device is manufactured. 
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40. A product storing software for execution by a processor in a 
2 wireless conmiimications systern, the product comprising: 

interface software operational when executed by the processor to direct 
4 the processor to receive an encrypted authentication key and to transfer the 
shared secret data; 

6 encryption software operational when executed by the processor to 

direct the processor to decrypt the encrypted authentication key; 
8 data generation software operational when executed by the processor to 

direct the processor to generate the shared secret data tasing the decrypted 
10 authentication key; and 

a software storage medium operational to store the interface software, 
12 the encryption software, and the data generation software. 

41. The product of claim 40 wherein: 

2 the data generation software is further operational when executed by the 

processor to direct the processor to generate the authentication key; 

4 the encryption software is further operational when executed by the 

processor to direct the processor to encrypt the authentication key; and 

6 the interface software is further operational when executed by the 

processor to direct the processor to transfer the encrypted authentication key 

8 from the processor. 

42. The product of claim 40 wherein the encryption software is 
2 further operational when executed by the processor to direct the processor to 

generate an encryption key. 

43. The product of claim 40 wherein: 

2 the interface software is further operational when executed by the 

processor to direct the processor to receive the shared secret data; and 

4 the data generation software is further operational when executed by the 

processor to direct the processor to generate an authentication result using the 

6 shared secret data. 



BNSEXXriD: <WO_ 



.0011635A1_IA> 



wo 00/11835 



1/11 



PCTAJS99/19199 



V4 



CO 



CO p ^ 

S < ^ 

S y P 

S 5 ^ 

S 5 > 

^ S ^ 



o 





O 

l-H 




SUBSTITUTE SHEET (RULE 26) 



3NSD0CID: <WO_001 1835A1.IA> 



wo 00/11835 



PCTAJS99/19I99 



2/11 



o 





SUBSTITUTE SHEET (RULE 26) 



BNSDOCID: •:WO_0011 B35A 1_l A> 



wo 00/1 1835 



3/11 



PCTAJS99/19199 



O 

CO 
CO 
UJ 
U 
O 

Oh 



ID 
U 

GO 



u 

CO 

>- 
< 



o 




O 



o 

I 

< 

z 
o 



a: 
to 
O 

O 
>- 

w 

I 

< 



a: 
m 
Q 

O 
>- 

1^ 



UJ 

I 

< 

Q 

E- 

U 

z 

UJ 



UJ 

I 

< 

Q 

UJ 

CJ 
2 

UJ 



d 



o 



UJ 

y o 

> o 

UJ — 




SUBSTITUTE SHEET (RULE 26) 

BNSDOCrD: <WO 0011835A1_IA> 



wo 00/1 1835 PCT/US99*/19199 

4/11 



O 

CO 
CO 
UJ 
U 
O 
os: 
a- 

ZD 
U 

UJ 
CO 



o 



CO 

CO ^ 



Q 

CO 
CO 

Q 
Z 

UJ 
H 

z 
u 

a 



UJ 

< 

Q 
u 

h- 

z 

<^ 
UJ 

< 

Q 

Q 

zr> 




Q 

CO 



Q 

or) 
oo 

LU 
OS 
O 
H 

CO 



d 



2 

Dm 

Q 

CO 
CO 



y o 
> o 




SUBSTITUTE SHEET (RULE 26) 



BNSDOCID: <WO 001ie35A1_IA> 



wo 00/11835 



PCTAJS99/19199 



5/11 



oi 
O 

CO 

O 
O 

a: 
a, 

W 
UJ 



o 




< 

CJ 

X 
H 

< 



UP 

S:^ O 
> o 

Q 



X 

H 
ID 
< 



d 



SUBSTITUTE SHEET (RULE 26) 



BNSOOCID: <WO 001 1835A1_IA> 



wo 00/11835 



PCT/US99/19199 



6/11 



o 

C/D 

tu 

U 
O 
Qi 
(X 

S 

GO 



o 



w 



o 



y o 

> <=> 

UJ ~ 
Q 



2 



z 

U 
2 
UJ 

O 



2 




< 




X 



>- 

UJ 

:^ 

I 

< 

a 

UJ 

h- 

cu 

>- 

a: 

u 

z 

UJ 
UJ 

O 
c/3 



2 



A-KEY 




m 








p 




00 





SUBSTITUTE SHEET (RULE 26) 



BNSCOCID: <WO 0011835A1JA> 



WO 00/11835 



7/11 



PCT/US99/19199 




2 



SUBSTITUTE SHEET (RULE 26) 

BNSDOCID: <WO 001 183SA1.IA> 



WO 00/11835 PCTAJS99/19199 

8/11 



O 
oo 

u 

O 

w 

:d 
u 
m 



o 




OO 

2 



SUBSTITUTE SHEET (RULE 26) 



BNSCOCtD: <WO 001 1835A1„IA> 



wo 00/11835 



PCT/US99/19199 



9/11 



a: 
o 

W 
O 
O 

D 
CJ 

00 



o 



H 
>- 

a: 

< 



O 



o 
> 

Q 



o 

o 



Q 

CO 
oo 

=y 

o 

2 

tu 

-J 
-J 
< 

u 
a: 

H 
< 



O 

< 

OS 
u 

D 
< 



3: 




-r 


IfT 






<: 




< 


u 
1- 






:S 






< 


ENEF 






OMP 


o 






u 



a: 
o 

< 

< 













>^ 










CO 


< 


















o 






o 






d 



SUBSTITUTE SHEET (RULE 26) 



BNStXXIlD: <WO_0011835A1_IA> 



wo 00/11835 



PCT/lJS997l9199 



10/11 



m 

O 






EM 




H 




OO 


< 


>^ 




00 




a 



BNSDOCID: <WO_0011B35A1JA> 



SUBSTITUTE SHEET (RULE 26) 



WO 00/1 1835 PCTAJS99/19199 

n/11 



< 






o 




INSTOCID: <WO_0011B35A1.IA> 



SUBSTITUTE SHEET (RULE 26) 



INTERll^IONAL SEARCH REPORT 


#- — 

Tx?rer ^nat Application No ^ ^j^^ 

PCT/US 99/19199 


A. CLASSiFlCATlON OF SUBJECT MATTER 

1 or 7 UA/iin/'^o un/tr\7/'in 
XrL / HU4Ly/J^ HU^U//oU 




According to Internationa) Patent C lass rticat ton (IPC) or to both national classification and IPC 




B- FIELDS SEARCHED 


Minimum documentation searched t class it icatron system followed by cfassitication syrrrtiOls) 

IPC 7 H04L 



Documematron searched other than minimum documentation to the extent that such documents are ir>cluded in the fields searched 



Electronic data base consulted during the international search (name of data base and, where practical, search terms used) 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category '■ 


Citation of document, with indication, where appropriate, ot the relevant passages 


Relevant to claim No. 


X 


EP 0 853 438 A (PHILIPS ELECTRONICS NV) 


1-43 




15 July 1998 (1998-07-15) 






column 2, line 45 -column 4, line 36 




X 


EP 0 532 231 A (AMERICAN TELEPHONE & 


1,16,20. 




TELEGRAPH) 17 March 1993 (1993-03-17) 


32,35,40 




column 4, line 45 -column 14, line 35 




A 


EP 0 725 512 A (IBM) 


1-43 




7 August 1996 (1996-08-07) 






abstract 





□ 



Further documents are listed in the continuation of box C. 



Patent family members are listed in annex. 



' Special categories oi cited documents : 

"A" document defining the general state of the art which is not 

considered to be of particular relevance 
"E" earlier document but published on or after the international 

fit>r>g date 

"L" document which may throw doubts on priority claim(s) or 
which is cited to establish the publication date of arwther 
citation or other special reason (as specified) 

-Q- document referring to an oral disclosure, use. exhibition or 
other means 

"P" document published prior to the international filing date but 
Eater than the pnonty date claimed 



T" later docunr>ent published atter the international filing date 
or prionty date and not in conflict with the application but 
cited to understartd the principle or trieory underiying the 
invention 

"X" document of particular relevance: the claimed invention 
cannot be considered novel or cannot be considered to 
involve an inventive step when the document is taken atone 

"Y" document of particular relevarKe: the claimed invention 

cannot be considered to involve an inventive step when the 
document is combined v^th one or more other such docu- 
ments, such combination beir^ obvious to a person skilled 
in the art. 

document member of the same patent family 



Date of the actual completion of the international search 

13 January 2000 


Date ot mailing of the international search report 

20/01/2000 


Name and mailing address ot the ISA 

European Patent Office. P.B. 5818 Patenitaan 2 
NL - 2280 HV Rijswiik 
Tel. (+31-70) 340-2040. Tx. 31 651 epo nl. 
Fax: (+31-70) 34O-3016 


Authorized oflicer 

Zucka, G 



Form PCT/lSA/210 <secon<J sheeO (July 1992) 



BNSDOCID: <WO 001ie35A1JA> 



INTERNATI^AL SEARCH REPORT 

information on patent family members 



Inter >nal Application No 

PCT/US 99/19199 



Patent document 


Publication 


Patent family 


Publication 


cited in search report 


date 


member(s) 


date 



EP 0853438 



15-07-1998 



OP 10210535 A 



07-08-1998 



EP 


0532231 


A 


17-03-1993 


US 


5153919 


A 


06-10-1992 










FI 


924091 


A 


14-03-1993 










JP 


2675494 


B 


12-11-1997 










JP 


6195024 


A 


15-07-1994 


EP 


0725512 


A 


07-08-1996 


US 


5604801 


A 


18-02-1997 










JP 


8340330 


A 


24-12-1996 



Foim PCT/I S A/21 0 f patent tamity arrkex) {Jirfy 1992) 
3NSDOCID: <WO 001 1835A1JA> 



mo) 



